Alarm sounding: Anti-virus software breaks Windows
12:01:00 | 10-09-2008

Bkav has recently received requests for help from users whose computers stopped working. The disruption happens right after a virus scan. Users can neither log into Windows nor perform any operations on their PCs.

Almost all users blame viruses for destroying their operating system, forcing them to reinstall Windows. In some cases, all of their data was lost.

However, the truth is far from that. Experiments have revealed that the virus is not the real culprit. It is, surprisingly, the anti-virus software that breaks Windows.

Bkav discovered the problem six months ago but did not issue a warning, for fear that it might be seen as unhealthy rivalry. Now that the situation has become alarming, with at least 47,000 PCs affected, we believe it is time to speak out.

To clarify the matter, on November 12, 2008, Bkav specialists conducted a live experiment with five anti-virus products: BitDefender, Kaspersky, McAfee, Symantec and Bkav. IT reporters were invited to ensure the objectivity of the experiment.

The facts came to light after three hours. All five antivirus products were able to detect and remove the viruses. However, BitDefender, Kaspersky, McAfee and Symantec removed the virus but, unfortunately, lost the original infected file as well. Only Bkav did both jobs: removing the virus and restoring the original file, returning Windows to working order.

The detailed results of the experiment are presented below.

Experiment Details

Four computers with a clean environment were used for the experiment. The Internet connection was turned off and a fixed procedure was followed: infect the computer with the intended virus => restart the computer => install the latest version of the antivirus software => reboot the machine and start the scan.

Experiment 1: BitDefender 2009 and Xpack, a virus of Chinese origin

Like a spy, Xpack lies dormant in computers and continually downloads malware from the Internet. The specialists planted Xpack on the PC, set up BitDefender 2009 and restarted the computer. The virus was detected and removed. However, when the computer was restarted a second time, the operating system failed to start up properly. Whenever the specialists finished typing the login password, Windows automatically logged out and a new window appeared asking them to log in again. Windows was corrupted.

The identified cause: Xpack copied itself into the UserInit.exe file. BitDefender 2009 caught the virus but deleted the original file along with it, causing Windows to collapse.

Experiment 2: Symantec's Norton Antivirus 2009 and OnlineGameJYA virus

OnlineGameJYA is programmed to steal the passwords and personal information of online gamers. The specialists infected the PC with OnlineGameJYA, installed Norton Antivirus and rebooted the machine. When the computer had been cleared of the virus, it was restarted. This time the Taskbar disappeared, it was impossible to drag and drop files and folders, and the Windows key and copy-paste functions were unusable. Windows was corrupted.

The identified cause: OnlineGameJYA overwrote the system file rpcss.dll. Norton Antivirus 2009 removed the virus but could not recover the original file.

Experiment 3: Kaspersky 2009 and the ExpdownB virus

ExpdownB, like Xpack, is a "lying dormant" strain of virus. A procedure similar to the Xpack and OnlineGameJYA experiments was carried out. After freeing the PC of the virus, the specialists restarted the machine and logged into the operating system. This time, the PC's desktop was unusable.

The identified cause: on detecting and removing the virus, Kaspersky deleted the Explorer.exe file and could not restore the original.

Experiment 4: McAfee 2009 and the Xpack virus

Because of its complex update process, McAfee 2009 was installed on the experimental PC beforehand. On discovering Xpack in the UserInit.exe file, McAfee isolated the virus. The result was the same as with BitDefender 2009: after restarting the computer, the specialists could not log into Windows.

Figure: Virus overwrites the UserInit.exe file
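Each of the four failures above has the same shape: a virus overwrote a file Windows cannot log on or present a desktop without, and the scanner deleted the infected file instead of disinfecting it. The following PowerShell script is an added example, not Bkav's or any vendor's code: run from an elevated prompt after a scan and before rebooting, it reports whether the three files named in the experiments are still present, whether their SHA-256 hashes match a baseline recorded from a known-clean machine (the hash values below are placeholders), and what Winlogon's Userinit value points to. It assumes PowerShell 4 or later for Get-FileHash and a modern Windows build.

```powershell
# Added example (not Bkav's code): post-cleanup check for the system files the
# experiments show being deleted instead of disinfected.
$SystemRoot = $env:SystemRoot

# Files named in the experiments. Hashes are PLACEHOLDERS: record the real
# SHA-256 of each file from a known-clean machine of the same Windows build.
$Baseline = @{
    "$SystemRoot\System32\userinit.exe" = 'PLACEHOLDER_SHA256_USERINIT'
    "$SystemRoot\System32\rpcss.dll"    = 'PLACEHOLDER_SHA256_RPCSS'
    "$SystemRoot\explorer.exe"          = 'PLACEHOLDER_SHA256_EXPLORER'
}

function Test-CriticalSystemFiles {
    param([hashtable]$Expected)

    foreach ($Path in $Expected.Keys) {
        $Result = [ordered]@{ Path = $Path; Present = $false; HashMatch = $false; Signature = 'n/a' }

        if (Test-Path -LiteralPath $Path -PathType Leaf) {
            $Result.Present   = $true
            $Hash             = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
            $Result.HashMatch = ($Hash -eq $Expected[$Path])   # -eq is case-insensitive
            # Authenticode status is informational only; many system files are catalog-signed
            $Result.Signature = (Get-AuthenticodeSignature -FilePath $Path).Status
        }

        [pscustomobject]$Result
    }
}

# Winlogon runs whatever this value names at logon. If that file is missing, the
# session logs straight back out, which is the symptom seen with BitDefender and McAfee.
function Get-UserinitTarget {
    $Key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    (Get-ItemProperty -Path $Key -Name Userinit).Userinit
}

$Report = Test-CriticalSystemFiles -Expected $Baseline
$Report | Format-Table -AutoSize
"Winlogon Userinit value: $(Get-UserinitTarget)"

$Missing = $Report | Where-Object { -not $_.Present }
if ($Missing) {
    Write-Warning "Missing system file(s): $($Missing.Path -join ', '). Restore them before rebooting."
}
```

A file reported as present but with HashMatch false is either still infected or has been replaced by a different build, so it deserves a second look before the machine is trusted again.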

Experiment 5: Bkav and the four virus families

The experiment was conducted with the free version, BkavHome. The same process was followed: the specialists infected the PCs with the four strains of virus, installed BkavHome and rebooted the computers. One after the other, Bkav's Auto Protect function found and removed the viruses.

Bkav's algorithm successfully decoded the original code and recovered the operating system files, returning Windows to working order.

Conclusion:

The virus is not the villain in every computer malfunction. Antivirus software (BitDefender, Kaspersky, McAfee and Symantec) is sometimes the very cause of the problem.

Cautions:

Users should not rely on BitDefender, Kaspersky, McAfee and Symantec as removal tools when their PCs carry the above-mentioned virus families.

Bkav